Vendor CVEs
Omron
All CVEs
73 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-33208 | | | 0.00 | — | 0.02 | | Jul 4, 2022 | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier,… |
| CVE-2022-26419 | | | 0.00 | — | 0.02 | | Apr 1, 2022 | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. |
| CVE-2022-26022 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. |
| CVE-2022-26417 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. |
| CVE-2022-25959 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. |
| CVE-2022-25325 | | | 0.00 | — | 0.01 | | Mar 7, 2022 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different… |
| CVE-2022-21219 | | | 0.00 | — | 0.01 | | Mar 7, 2022 | Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. |
| CVE-2022-21137 | | | 0.00 | — | 0.09 | | Jan 14, 2022 | Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. |
| CVE-2021-27413 | | | 0.00 | — | 0.10 | | May 13, 2021 | Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. |
| CVE-2020-27257 | | | 0.00 | — | 0.02 | | Feb 9, 2021 | This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. |
| CVE-2020-27261 | | | 0.00 | — | 0.08 | | Feb 9, 2021 | The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2020-27259 | | | 0.00 | — | 0.03 | | Feb 9, 2021 | The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2019-18261 | | | 0.00 | — | 0.01 | | Dec 16, 2019 | In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to… |
| CVE-2019-18259 | | | 0.00 | — | 0.02 | | Dec 16, 2019 | In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. |
| CVE-2019-6556 | | | 0.00 | — | 0.01 | | Apr 10, 2019 | When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the… |
| CVE-2018-16207 | | | 0.00 | — | 0.01 | | Mar 27, 2019 | PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. |
| CVE-2018-19027 | | | 0.00 | — | 0.01 | | Jan 30, 2019 | Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. |
| CVE-2018-18989 | | | 0.00 | — | 0.02 | | Dec 4, 2018 | In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit… |
| CVE-2015-1015 | | | 0.00 | — | 0.00 | | Oct 6, 2015 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. |
| CVE-2015-0988 | | | 0.00 | — | 0.00 | | Oct 6, 2015 | Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. |
| CVE-2014-2370 | | | 0.00 | — | 0.01 | | Jul 24, 2014 | Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. |
| CVE-2014-2369 | | | 0.00 | — | 0.01 | | Jul 24, 2014 | Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2013-2301 | | | 0.00 | — | 0.01 | | Mar 29, 2013 | The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
Page 2 of 2